Installing Avi Vantage with Mesosphere DC/OS (16.2)

This guide describes how to install Avi Vantage into an on-premises (private) Mesos cloud. The instructions in this guide can be used for installing Avi Vantage 16.2.

Avi Vantage integrates with Mesos and Marathon to provide the following services:

Full-featured service proxy (distributed load balancing)

Service discovery

Autoscaling

Application map and visibility

Note: This guide applies to installation within an on-premises cloud. If you are deploying into a Mesos cluster within Amazon Web Services (AWS), go here instead.

Here is how Avi Vantage integrates into a Mesos cloud:

As shown here, Avi Vantage consists of the Avi Controller cluster and multiple Service Engines (SEs). The Avi Controller analyzes traffic and can request spin-up/spin-down of SEs to load balance traffic. In a Mesos deployment, the Avi Controller works with Marathon to spin up/down SEs.

Deployment Prerequisites

Physical Node Requirements

The main components of the Avi Vantage solution, Avi Controllers and Service Engines (SEs), run as containers on Mesos nodes. For production deployment, a 3-node Avi Controller cluster is recommended, with each of the Avi Controller nodes running on a separate node. Each Avi SE is deployed as a container on one of the 3 Mesos nodes. Each Mesos node can run 1 SE container. The node on which the Avi Controller runs must meet at least the minimum system requirements, which are specified in this article.

System Time (NTP) Requirement

The system time on all nodes must be synchronized. Use of a Network Time Protocol (NTP) server is recommended.

Software Infrastructure Requirements

For deployment of SEs, the following system-level software is required:

Each node host OS must be a Linux distribution running systemd.

One of the following is required for SE spin up/down:

Fleet: Optional cluster management service for Mesos. If Fleet is installed, the Avi Controller can use it to schedule spin-up and spin-down of SEs based on service health.

SSH: The Avi Controller uses password-less sudo SSH to access all the Mesos nodes in the cluster and create SEs on those nodes. The SSH user must have password-less sudo access to all the Mesos nodes in the Avi Vantage cluster. The SSH method requires a public-private key pair. You can import an existing private key onto the Avi Controller or generate a new key pair. In either case, the public key must be in the “/home/ssh_user/.ssh/authorized_keys” file, where ssh_user is the SSH username on all Mesos nodes. The Avi Controller setup wizard automatically stores the private key on the Avi Controller node when you import or generate the key.

Installing the Avi Controller

To install the Avi Controller:

Copy the .tgz package onto the Mesos node that will host the Avi Controller:

Docker registry for SE creation: Access information for the Docker Registry. Enter the IP address or hostname, and the access credentials. You can use either Docker Hub or your cloud’s private Docker Registry. You can change or customize settings following initial deployment using the Avi Controller’s web interface.

Setup Procedure

To start, use a browser to navigate to the Avi Controller.

Configure basic system settings:

Administrator account

DNS and NTP server information

Email and SMTP information

Select Mesos as the infrastructure type:

Configure Mesos infrastructure settings:

Mesos URL: IP address or hostname of the Mesos Master

Marathon URL: IP address or hostname of the Marathon instance in DC/OS

Marathon username and password

Configure settings for SE deployment.

If using Fleet:

If using SSH:

Note: The Avi Controller requires root access to the OS on the SE node to start the SE process on the node.

If the key pair already exists, use Import Private Key to import the private key for each SE node into the Avi Controller.

To instead generate a new key pair for SE creation, select Generate SSH Key Pair. Click Copy to clipboard; then copy the public key generated by the option into the following file on each of the SE nodes: /home/ssh_user/.ssh/authorized_keys
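The key placement described above can be scripted and verified on each SE node. The following is an added example, not part of the Avi documentation: the function names are hypothetical, and it assumes a POSIX shell on the Mesos node and the public key line copied from the setup wizard.

```shell
# Added example, not Avi's own tooling. Run on each Mesos node as a user
# allowed to write HOME_DIR (normally /home/ssh_user from the guide).

# Print the 10-character type/permission string, e.g. drwx------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# install_pubkey HOME_DIR PUBKEY_LINE
# Appends the key only if that exact line is absent, then sets modes that
# satisfy sshd's StrictModes check (700 on .ssh, 600 on the file).
install_pubkey() {
    ssh_dir="$1/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    mkdir -p "$ssh_dir" || return 1
    touch "$auth_file" || return 1
    # -x whole line, -F fixed string: no regex surprises from base64 text
    if ! grep -qxF -- "$2" "$auth_file"; then
        # Do not glue the new key onto an existing unterminated last line
        [ -z "$(tail -c 1 "$auth_file")" ] || echo >> "$auth_file"
        printf '%s\n' "$2" >> "$auth_file"
    fi
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file"
}

# check_authorized_keys HOME_DIR PUBKEY_LINE
# Succeeds only if the key is present exactly once and modes are 700/600.
check_authorized_keys() {
    ssh_dir="$1/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    [ -f "$auth_file" ] || { echo "missing $auth_file" >&2; return 1; }
    [ "$(mode_of "$ssh_dir")" = "drwx------" ] ||
        { echo "$ssh_dir is not mode 700" >&2; return 1; }
    [ "$(mode_of "$auth_file")" = "-rw-------" ] ||
        { echo "$auth_file is not mode 600" >&2; return 1; }
    count=$(grep -cxF -- "$2" "$auth_file" || true)
    [ "$count" -eq 1 ] || { echo "key found $count times" >&2; return 1; }
}

# check_passwordless_sudo: run as ssh_user; -n makes sudo fail instead of
# prompting, which is what the Controller's non-interactive session needs.
check_passwordless_sudo() {
    sudo -n true
}
```

Because this key gives the Avi Controller root on every node, running check_authorized_keys after any change to the file confirms that only the intended key line was added and that the file is not readable or writable by other users.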

The H and X options are required. The H option inserts a Content-Type header for the Avi SE application. The X option changes the HTTP method of the request from GET (the default) to POST. Replace marathon-ip-or-hostname with the IP address or hostname of Marathon.

Start a client container on the VM:

sudo docker run -d --name=aviclient avinetworks/server

Connect to the client container that you just started:

sudo docker exec -it aviclient bash

Generate test traffic:

ab -n 100 http://172.17.0.1:10001/100kb.txt

This command sends 100 requests for the specified file to the virtual service. The port number (10001 in this example) is the service port number assigned to the virtual service.

To view the service port number for the application, select the Configuration tab in the Marathon web interface. The service port number of the virtual service is specified in the Docker file by the servicePort parameter:

North-south Application with Inside VIP

Use these steps if the VIP is in the same Mesos cluster as the application but the client is outside the cluster. In this example, the Mesos host and the VIP (10.10.10.100) are both in subnet 10.10.10.0/24.

Create a Docker image file such as the following for the application. In the file, edit the FE-Proxy-VIP to match the address of your VIP.

The H and X options are required. The H option inserts a Content-Type header for the Avi SE application. The X option changes the HTTP method of the request from GET (the default) to POST. Replace marathon-ip-or-hostname with the IP address or hostname of Marathon.

To generate traffic to the application, open an SSH connection to another VM that is located in the same network as the host, and enter the following command:

ab -n 100 http://10.10.10.100/100kb.txt

This command sends 100 requests for the specified file to the application VIP (10.10.10.100 in this example).

North-south Application with Outside VIP

Use these steps if neither the VIP nor the client is in the same Mesos cluster as the application. In this example, the VIP is 20.20.20.20.

Create a Docker image file such as the following for the application. In the file, edit the FE-Proxy-VIP to match the address of your VIP.

The H and X options are required. The H option inserts a Content-Type header for the Avi SE application. The X option changes the HTTP method of the request from GET (the default) to POST. Replace marathon-ip-or-hostname with the IP address or hostname of Marathon.

To generate traffic to the application:

Open an SSH connection to another VM that is located in the same network as the host.

Add a static host route that forwards traffic addressed to the VIP to the VM IP address:

ip route add 20.20.20.20/32 via

Generate traffic:

ab -n 100 http://20.20.20.20/100kb.txt

This command sends 100 requests for the specified file to the application VIP (20.20.20.20 in this example).

Creating Virtual Services (applications)

After Avi Vantage is installed, virtual services (applications) can be created. For information: